summaryrefslogtreecommitdiff
path: root/source4/auth/kerberos
diff options
context:
space:
mode:
Diffstat (limited to 'source4/auth/kerberos')
-rw-r--r--source4/auth/kerberos/kerberos_pac.c24
1 files changed, 7 insertions, 17 deletions
diff --git a/source4/auth/kerberos/kerberos_pac.c b/source4/auth/kerberos/kerberos_pac.c
index 3294699070..df1a871f85 100644
--- a/source4/auth/kerberos/kerberos_pac.c
+++ b/source4/auth/kerberos/kerberos_pac.c
@@ -44,9 +44,8 @@ static krb5_error_code check_pac_checksum(TALLOC_CTX *mem_ctx,
Checksum cksum;
cksum.cksumtype = (CKSUMTYPE)sig->type;
- cksum.checksum.length = sizeof(sig->signature);
- cksum.checksum.data = sig->signature;
-
+ cksum.checksum.length = sig->signature.length;
+ cksum.checksum.data = sig->signature.data;
ret = krb5_crypto_init(context,
keyblock,
@@ -172,11 +171,8 @@ static krb5_error_code check_pac_checksum(TALLOC_CTX *mem_ctx,
}
if (krbtgt_keyblock) {
- DATA_BLOB service_checksum_blob
- = data_blob_const(srv_sig_ptr->signature, sizeof(srv_sig_ptr->signature));
-
ret = check_pac_checksum(mem_ctx,
- service_checksum_blob, &kdc_sig,
+ srv_sig_ptr->signature, &kdc_sig,
context, krbtgt_keyblock);
if (ret) {
DEBUG(1, ("PAC Decode: Failed to verify the KDC signature: %s\n",
@@ -300,9 +296,7 @@ static krb5_error_code make_pac_checksum(TALLOC_CTX *mem_ctx,
}
sig->type = cksum.cksumtype;
- if (cksum.checksum.length == sizeof(sig->signature)) {
- memcpy(sig->signature, cksum.checksum.data, sizeof(sig->signature));
- }
+ sig->signature = data_blob_talloc(mem_ctx, cksum.checksum.data, cksum.checksum.length);
free_Checksum(&cksum);
return 0;
@@ -319,7 +313,6 @@ static krb5_error_code make_pac_checksum(TALLOC_CTX *mem_ctx,
krb5_error_code ret;
DATA_BLOB zero_blob = data_blob(NULL, 0);
DATA_BLOB tmp_blob = data_blob(NULL, 0);
- DATA_BLOB service_checksum_blob;
struct PAC_SIGNATURE_DATA *kdc_checksum = NULL;
struct PAC_SIGNATURE_DATA *srv_checksum = NULL;
int i;
@@ -367,8 +360,8 @@ static krb5_error_code make_pac_checksum(TALLOC_CTX *mem_ctx,
}
/* But wipe out the actual signatures */
- ZERO_STRUCT(kdc_checksum->signature);
- ZERO_STRUCT(srv_checksum->signature);
+ memset(kdc_checksum->signature.data, '\0', kdc_checksum->signature.length);
+ memset(srv_checksum->signature.data, '\0', srv_checksum->signature.length);
nt_status = ndr_push_struct_blob(&tmp_blob, mem_ctx, pac_data,
(ndr_push_flags_fn_t)ndr_push_PAC_DATA);
@@ -382,11 +375,8 @@ static krb5_error_code make_pac_checksum(TALLOC_CTX *mem_ctx,
ret = make_pac_checksum(mem_ctx, &tmp_blob, srv_checksum,
context, service_keyblock);
- service_checksum_blob
- = data_blob_const(srv_checksum->signature, sizeof(srv_checksum->signature));
-
/* Then sign Server checksum */
- ret = make_pac_checksum(mem_ctx, &service_checksum_blob, kdc_checksum, context, krbtgt_keyblock);
+ ret = make_pac_checksum(mem_ctx, &srv_checksum->signature, kdc_checksum, context, krbtgt_keyblock);
if (ret) {
DEBUG(2, ("making krbtgt PAC checksum failed: %s\n",
smb_get_krb5_error_message(context, ret, mem_ctx)));